Verification of the IPsec data path before a point-to-point secure tunnel (st0) interface is activated

Feature(s) and their supported products/applications:

[Collapse All]

[Expand All]

The IPsec data path between VPN tunnel endpoints can be verified before the secure tunnel (st0) interface is activated and routes associated with the interface are installed in the Junos OS forwarding table. This feature applies to route-based site-to-site and dynamic endpoint VPNs with st0 interfaces in point-to-point mode. To configure the IPsec data path verification, use the verify-path statement at the [edit security ipsec vpn vpn-name vpn-monitor] hierarchy level. If the peer tunnel endpoint is behind a NAT device, the verify-path destination-ip option must be specified with the original, untranslated IP address of the remote IKE gateway.

Product / Application	Software	Introduced Release
vSRX	Junos OS	15.1X49-D70
SRX300	Junos OS	15.1X49-D70
SRX320	Junos OS	15.1X49-D70
SRX340	Junos OS	15.1X49-D70
SRX345	Junos OS	15.1X49-D70
SRX380	Junos OS	20.1R1
SRX550 HM	Junos OS	15.1X49-D70
SRX1500	Junos OS	15.1X49-D70
SRX1600	Junos OS	23.4R1
SRX5400	Junos OS	15.1X49-D70
SRX5600	Junos OS	15.1X49-D70
SRX5800	Junos OS	15.1X49-D70

Feature Explorer AI

Verification of the IPsec data path before a point-to-point secure tunnel (st0) interface is activated

404: Page not found.

Verification of the IPsec data path before a point-to-point secure tunnel (st0) interface is activated